Table of Contents

1. Introduction
2. Installing prequisites
   1. Visual Studio 2008 Professional
   2. Windows Software Development Kit
   3. Windows Driver Kit
   4. Python
   5. WinRAR
   6. ActivePerl
3. Installing optional Git support
   1. Git for Windows
   2. GitExtensions
   3. KDiff3
   4. Git Source Control Provider
4. Building OpenSSL
5. Building LZO
6. Building OpenVPN
   1. Preparing the build tree
7. Integrating Git with Visual Studio (optional)
8. Troubleshooting
   1. Compiler warnings during OpenSSL build
   2. VS 2008 cross-tools issues during OpenSSL build
9. External links

Introduction

The traditional way to build OpenVPN for Windows is to cross-compile it on *NIX. This works, but does not allow signing the TUN/TAP driver, which is required for Windows Vista/7 and later. Due to this a new, relatively simple Python-based build system was written. This new build system allows building OpenVPN on Windows more easily, but requires the use of a commercial version of Visual Studio development environment. However, the new build system is "external" from Visual Studio's viewpoint, so meddling with VS's graphical user interface is not necessary.

Installing prequisites

Visual Studio 2008 Professional

Visual Studio 2008 Professional is required to build OpenVPN on Windows. Note that the free Express edition

Windows Software Development Kit

​Windows Software Development Kit (​Wikipedia page) may be necessary to build OpenVPN (verify this).

Windows Driver Kit

​Windows Driver Kit (​Wikipedia page) is required to build the TUN/TAP driver.

Python

The new Windows build system is written in ​Python. The Windows installer does not seem to add the python.exe to the PATH, so you need to do it [​manually.

WinRAR

​WinRAR or some other tool capable of extracting .tar.gz and .tar.bz2 archives is necessary to extract the LZO and OpenSSL release archives.

ActivePerl

​ActivePerl is required to build OpenSSL, which in turn is required to build OpenVPN. Look ​here for details. Probably a ​standard Perl installation would also do the trick.

Installing optional Git support

Git support is needed if you want to conveniently build the latest development code. You don't need Git support if you fetch the sources from another computer and copy them over, or use source code from release tar.gz or zip files.

Git for Windows

​Git for Windows or msysgit is required to work with Git repositories on Windows.

GitExtensions

​GitExtensions makes working with Git easier on Windows. It includes Visual Studio 2008 plugin, Windows explorer support and a GUI to configure and use Git repositories.

KDiff3

​KDiff3 is used in handling merge conflicts. It's required by GitExtensions.

Git Source Control Provider

​Git Source Control Provider is a Visual Studio 2008/2010 plugin. It can also be used to launch Git for Windows and GitExtensions from within Visual Studio.

Building OpenSSL

First download OpenSSL from ​here and extract it somewhere. Using the latest one ensures there are no (known) security holes in OpenSSL. For the most part you can then follow the instructions in INSTALL.W32 and INSTALL.W64 files. Before you start, though, launch the Visual Studio 2008 Command Prompt, which can be found from the Start menu. Unlike the standard command prompt it has all the paths to VC binaries set correctly.

From within this command prompt you'll first configure OpenSSL using the provided Perl script:

C:\openssl-1.0.0> perl Configure VC-WIN32 --prefix=c:/<openssl-install-directory>

Some of the crypto routines are written in assembler to increase performance, so you need to/should use an assembler in the next step. If you're building OpenSSL 0.9.8x you can choose between ​Microsoft Macro Assembler and ​NASM assembler. On OpenSSL-1.0.0 you need to use NASM as MASM is not supported anymore. Note that you need to add nasm.exe to the PATH. There are good generic instructions ​here.

If you're using MASM, run

C:\openssl-1.0.0> ms\do_masm

Or if you're using NASM, run

C:\openssl-1.0.0> ms\do_nasm

Next compile OpenSSL using the generated makefile:

C:\openssl-1.0.0> '''nmake -f ms\ntdll.mak'''
C:\openssl-1.0.0> nmake -f ms\ntdll.mak test
C:\openssl-1.0.0> nmake -f ms\ntdll.mak install 

Building LZO

The ​LZO library is required to build OpenVPN. Once you've unpacked the source package, open the B/00README.txt file to get an overview of the Windows build process. If all goes well, you'll only need to run one .bat file:

C:\lzo-2.0.4> B\win32\vc_dll.bat

Building OpenVPN

Preparing the build tree

If you want to build the latest development code fetch it using Git for Windows (Git shell) or GitExtensions (GUI). Check these instructions to see which Git URI to use.

The Python-based OpenVPN build system is pretty picky about it's directory layout, which should be like this:

• C:\openvpn-build\tapinstall\7600: devcon.exe sources. The last part of the path depends on WinDDK's major version you got installed.
• C:\openvpn-build\openvpn-testing: openvpn sources fetched from git

Once you have fetched OpenVPN sources you need to copy ​DevCon.exe source code to a directory which is preferably outside the openvpn source tree so that it does not get committed to the OpenVPN Git repository by mistake, as Microsoft would probably sue us for that. The source files can be found from <WINDDK_INSTALL_DIRECTORY>\<DDK_VERSION>\src\setup\devcon, for example C:\WINDDK\7600.16385.1\src\setup\devcon. If you don't modify win\settings.in you need to have a directory layout similar to this:

Next you probably want to customize a few variables in the win\settings.in file. Make sure to use a UNIX linefeed-capable editor such as wordpad.

### win\settings.in

# Point this to the openvpn-gui directory
!define OPENVPN_GUI_DIR "../openvpn-gui"
!define OPENVPN_GUI     "openvpn-gui-1.0.3.exe"

# Point these to OpenSSL and LZO install directories with DLLs and headers
!define OPENSSL_DIR       "../openssl"
!define LZO_DIR           "../lzo"

# Point this to a copy of DevCon.exe source directory. These sources can be found from the WDK directory, e.g. from 
# C:\WINDDK\7600.16385.1\src\setup\devcon
#
# Not needed if DRVBINSRC is defined
# (or if using pre-built mode).
!define TISRC   "../tapinstall"

Next fire up a console/MS DOS prompt and go to the win directory and start the build:

C:\openvpn-testing\win> python build_all.py

To clean up before or after thäe build, issue

C:\openvpn-testing\win> python build.py clean

Integrating Git with Visual Studio (optional)

If you wish to use Windows for OpenVPN development integrating Git with Visual Studio (2008) may make sense.

Troubleshooting

Compiler warnings during OpenSSL build

When building OpenSSL you're most likely encounter issues with trivial compiler warnings stopping the entire build. To circumvent this remove the /WX flag in the makefile as suggested in INSTALL.W32 file. This is harder than it seems for two reasons:

• The correct makefile is ms\ntdll.mak (not the Makefile in build root)
• You need to use Wordpad or other UNIX linefeed-aware editor to open and save the makefile

VS 2008 cross-tools issues during OpenSSL build

OpenSSL build is likely to break at several places if you're running Visual Studio 2008 x64 Cross-Tools Command Prompt instead of plain Visual Studio 2008 Command prompt. Consider reinstalling Visual Studio without cross-tools if you encounter either of these errors:

• fatal error LNK1112: module machine type X86 conflicts with target machine type x64 (in the middle of the build)
• Linker can't find link.obj (at the end of the build)

External links

• ​Compiling OpenVPN on Windows
• ​Build OpenVPN for Windows using Mingw32
• ​Compiling 2.1rc7 on Windows with VC (email thread)
• ​Installing Test-Signed Driver Packages
• ​Visual Studio article on Wikipedia
• ​Visual Studio Guide (in Italian)
• ​Another Visual Studio Guide (in Italian)
• ​Visual Studio C compiler command-line arguments
• ​System Information for Windows: a useful tool for debugging processor architecture issues